Hackers Steal Vital Data From US Securities and Exchange Commission

Hackers broke into the systems of the top US securities regulator last year, and may have used confidential information to trade in the stock market. The Securities and Exchange Commission said yesterday that criminals exploited a software vulnerability in its filing system. While the breach was detected in 2016 and the weakness patched, the SEC says it wasn’t until last month that the agency realized the information may have been exploited through stock market trades.

It’s the second disclosure this month that cyber criminals exploited records entrusted to a key US financial institution. Credit reporting company Equifax said on Sept 7th that hackers had stolen personal information, such as social Social Security numbers and birth dates, for about half the nation’s population. In the SEC hack, the agency says personal data wasn’t stolen.

Instead, hackers broke into the SEC’s database of filings, called Edgar (Electronic Data Gathering, Analysis and Retrieval system), which houses information from thousands of public companies that are regulated by the agency. Edgar receives and processes more than 1.7 million electronic filings per year. The intruders may have taken advantage of information in the system that hadn’t yet been made public.

“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” the SEC said.